Skip to main content

CVE-2025-24917: CWE-284: Improper Access Control in Tenable Network Monitor

High
VulnerabilityCVE-2025-24917cvecve-2025-24917cwe-284
Published: Fri May 23 2025 (05/23/2025, 15:59:20 UTC)
Source: CVE
Vendor/Project: Tenable
Product: Network Monitor

Description

In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.

AI-Powered Analysis

AILast updated: 07/08/2025, 20:09:50 UTC

Technical Analysis

CVE-2025-24917 is a high-severity vulnerability affecting Tenable Network Monitor versions prior to 6.5.1 running on Windows hosts. The vulnerability arises from improper access control (CWE-284) that allows a non-administrative user to stage files in a local directory, which can then be executed with SYSTEM privileges. This effectively enables local privilege escalation, where an attacker with limited user rights can gain full control over the affected system. The vulnerability is characterized by a CVSS 3.1 base score of 7.8, reflecting high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component or system. Exploitation could allow an attacker to execute arbitrary code with SYSTEM-level privileges, potentially leading to full system compromise, unauthorized access to sensitive data, and disruption of network monitoring capabilities. No known exploits are currently reported in the wild, and no official patch links are provided yet, but the vendor has reserved the CVE and published the advisory. The vulnerability specifically targets Windows hosts running Tenable Network Monitor, a widely used network security monitoring tool, which is often deployed in enterprise environments for continuous network visibility and threat detection.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on Tenable Network Monitor for network security monitoring and vulnerability management. Successful exploitation could lead to full system compromise of monitoring infrastructure, undermining the integrity and availability of critical security data. This could delay detection of other threats, facilitate lateral movement by attackers, and potentially lead to broader network breaches. Given the SYSTEM-level privileges gained, attackers could disable security controls, exfiltrate sensitive information, or disrupt business operations. Organizations in sectors with stringent regulatory requirements such as finance, healthcare, and critical infrastructure could face compliance violations and reputational damage. The local nature of the exploit means that insider threats or attackers who have gained initial footholds with limited privileges could escalate their access rapidly. The absence of known exploits in the wild provides a window for proactive mitigation, but the high severity and ease of exploitation warrant immediate attention.

Mitigation Recommendations

European organizations should prioritize upgrading Tenable Network Monitor to version 6.5.1 or later as soon as it becomes available to address this vulnerability. In the interim, restrict local user access to systems running the vulnerable versions, enforcing strict access controls and monitoring for unusual file staging activities in local directories. Employ application whitelisting to prevent unauthorized code execution and leverage endpoint detection and response (EDR) solutions to detect suspicious behavior indicative of privilege escalation attempts. Regularly audit user permissions and remove unnecessary local accounts or privileges. Network segmentation can limit the impact of a compromised monitoring host. Additionally, implement robust logging and alerting mechanisms to identify potential exploitation attempts early. Organizations should also stay informed via vendor advisories and threat intelligence feeds for any emerging exploit developments and patches.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
tenable
Date Reserved
2025-01-28T20:09:40.193Z
Cisa Enriched
false
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68309d5f0acd01a2492740ad

Added to database: 5/23/2025, 4:07:59 PM

Last enriched: 7/8/2025, 8:09:50 PM

Last updated: 8/13/2025, 11:51:31 PM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats